Cyber Security Course Questions and Answers Rated A+

Exam (elaborations), 11 pages, uploaded on 17-09-2024, written in 2024/2025. Institution/Module: Cyber Security.
Threats are...
...unwanted actions potentially harming assets.

Vulnerabilities are...
...weaknesses in any safeguard for cyber assets.

The likelihood of a threat is...
...the possibility that it may arise.

The consequence of a threat is...
...the worst-case outcome of a threat.

According to NIST 800-50, education is...
...any course/material that provides employees the decision-making and management skills needed to improve promotional ability and mobility.

According to NIST 800-50, training is...
...any course/material that provides employees the skills needed to perform their job functions.

According to NIST 800-50, awareness is...
...any orientation brief/material that informs and reminds employees of their security responsibilities and management's expectations.

The benefits of Privacy Impact Assessments are...
...project compliance with laws, reflection of community values in designs, reduction of future costs, achievement of project goals, promotion of awareness, and support for enterprise risk management (ERM).

The risks a Privacy Impact Assessment addresses (i.e. of not conducting one) are...
...non-compliance with laws, loss of credibility with impacted entities, reputational damage, additional costs, and inadequate solutions.

Types of IP and their definitions.
Trademark - symbol, word, logo.
Registered trademark - a trademark registered with a national authority.
Nice Classification (NCL) - an international classification of goods and services used for trademark registration. Goods are classes 1-34, services 35-45.
Patent - exclusive rights to make/sell an invention, but the invention must be publicly disclosed.
Copyright - lawful right to control the dissemination of content.
Trade secrets - proprietary information that is confidential and protected, provided the owner takes reasonable security precautions.
NIST Cybersecurity Framework (CSF)
IDENTIFY - PROTECT - DETECT - RESPOND - RECOVER (the five core functions of CSF 1.1; CSF 2.0, released February 2024, adds a sixth function, GOVERN).

Typical roles and responsibilities across an organisation
Board of Directors → Executive Committee → ISM/CSM → Cyber Security Practitioners → External Specialists

Cyber Security Triad
Confidentiality - information is only disclosed to those with appropriate clearance, approval, and need-to-know (NTK).
Integrity - information is only created, modified, destroyed, or managed through authorised means.
Availability - information may be readily accessed by authorised users when required.

The definitions for Governance, Risk Management & Compliance
Governance: management and oversight at the organisational level.
Risk management: the process of identifying and managing risk to acceptable levels.
Compliance: demonstrating adherence to a set of requirements.

The difference between risk tolerance and risk appetite
Risk tolerance: what an organisation is willing to bear on a case-by-case basis after all treatment options have been considered and applied.
Risk appetite: the level of risk an organisation is willing to pursue or retain to meet its strategic objectives.

The logical order of the Risk Management Process (ISO 31000)
Context establishment → risk identification → risk analysis → risk evaluation → risk treatment → monitoring and review (with communication and consultation running alongside every step).

Identify and list the attributes of cyber attacks
Origin (internal/external), history (similar threats), capability (skill of attacker), profile (general behaviour), intent (adversarial/accidental/environmental), motivation (to target the organisation), focus (how determined, what resources).

Types of malicious software, especially APTs and ransomware
APTs - conducted by a skilled and motivated adversary using a variety of methods, e.g., social engineering, theft of sensitive data or IP, technical attacks through software, and persistence.
Virus - infects a host file or program.
Worm - self-replicates and moves laterally through networks without needing a host file.
Trojan - pretends to perform another function.
Rootkit - stealthy; hides itself from detection techniques.
Polymorphic virus - mutates and changes its characteristics (code/signature) on each infection to evade signature-based detection.
Ransomware - encrypts data and demands payment.
Spyware - collects information without consent.
Logic bomb - executes malicious code when a condition is met.
Remote access Trojan (RAT) - backdoor giving administrative control.
Malvertising - malware delivered through online advertising.

Lockheed Martin Cyber Kill Chain
1. Reconnaissance - select a target and research it.
2. Weaponisation - couple an exploit with a backdoor into a deliverable payload.
3. Delivery - via email, USB, web, ...
4. Exploitation - malware triggered through the researched vulnerability.
5. Installation - malware installed and opens a backdoor.
6. Command and Control - command channel established for remote manipulation.
7. Actions on Objectives - attacker accomplishes goals.

Risk treatment options
Accept (retain) - accept the risk; the cost of controls is too high or the risk is insignificant.
Reduce - the amount of risk exceeds appetite; controls are used to reduce the risk.
Transfer - share the risk by taking out insurance or using a managed service.
Avoid - cessation of the business activities that give rise to the risk.

Threat taxonomy, threat agent, and threat source
Identify threats to the business at least annually, as the threat landscape is constantly evolving.
Threat source - generic term that describes the type of threat (e.g. flood, earthquake, hacker).
Threat agent - specific instance of a source, or an event (e.g. an individual).

BYOD
Without controls, BYOD can be used to exfiltrate data, introduce/distribute malware, or act as an unauthorised point of entry.

Security accreditation of software and hardware
FIPS 140-2 - relates to the validation of cryptographic modules (superseded by FIPS 140-3, effective 2019, which keeps the same four-level structure). 4 levels:
Level 1: Lowest level of security; requirements cover only the cryptographic module's functions and approved algorithms. No physical security requirements beyond production-grade components.
Level 2: Requires at least role-based authentication of operators. The module must show evidence of attempts to tamper with it (tamper-evident coatings or seals).
Level 3: Requires physical protection methods that give a high degree of confidence that tamper attempts are detected and responded to (e.g. zeroisation of keys when a cover or door is opened). Requires identity-based authentication: the module authenticates the individual operator AND verifies their authorisation.
Level 4: Highest level of security. Physical attacks from any direction are detected and responded to, and plaintext keys and other critical security parameters are zeroised on breach. Intended for modules operating in physically unprotected environments.

Viega & McGraw Security Architecture Design Principles
1. Secure the weakest link
2. Practice defence in depth
3. Fail securely
4. Follow the principle of least privilege
5. Compartmentalise
6. Keep it simple
7. Promote privacy
8. Remember that hiding secrets is hard
9. Be reluctant to trust
10. Use your community resources

Saltzer and Schroeder's eight principles for building secure and functional systems
1. Economy of mechanism
2. Fail-safe defaults
3. Complete mediation
4. Open design
5. Separation of privilege
6. Least privilege
7. Least common mechanism
8. Psychological acceptability

Insourcing
Personnel/assets retained within an organisation (e.g. own data centre, own equipment).

Outsourcing
Entering into a contract with a third party who manages at least one process (onshore or offshore).

Managed service
Outsourcing management together with its associated processes. The customer retains oversight of the provider, and a representative of the third party is available.

Types of managed services and their risks
Single provider - easy to govern. Risk: vendor lock-in, limited set of services.
Multiple providers - best-of-breed services; governance lies with the customer. Risk: demarcation issues between providers.
Prime provider - a single provider leads various other providers; easier governance. Risk: vendor lock-in, early-release penalties.

Cloud service models
IaaS - customers access infrastructure to install their own OS, manage storage and apps, and configure the network.
PaaS - customers access a computing platform containing the OS and possibly a programming runtime, database, and web server that can be configured to suit customer needs.
SaaS - customers access application software and databases only, with minimal configuration options.

Symmetric encryption algorithms
The same key is used to encrypt and decrypt. Users only have to manage one key, it uses less processing power, and it is suited to bulk data encryption; the difficulty is distributing the shared key securely. AES is the current standard symmetric algorithm (NIST FIPS 197).

Asymmetric encryption algorithms
Two keys: public (can be held by anyone) and private (held only by the owner). Either key can encrypt; only the opposite key can decrypt. Encrypting with the recipient's public key provides confidentiality; signing with the sender's private key provides authenticity.

Elliptic Curve Cryptography (ECC)
An asymmetric family designed for low-power devices (e.g. mobile phones) where RSA-style asymmetric operations are too intensive. ECC requires much smaller keys than RSA for equivalent security (a 256-bit ECC key is comparable to a 3072-bit RSA key). Faster than RSA, slower than symmetric.

Hashing algorithms
Turn plaintext of any size into a fixed-length hash (digest). A collision occurs when two different inputs produce the same hash. SHA-2 is the most common family (includes SHA-224, -256, -384, and -512; the number is the digest length in bits).

Initialisation vectors
A random or unique value, mixed into the encryption of the first block in some symmetric cipher modes, so that identical plaintexts encrypted under the same key produce different ciphertexts. The IV is not secret and is sent with the ciphertext, but it must not be reused with the same key: in stream-style modes such as CTR, reuse leaks the XOR of the two plaintexts.

Non-repudiation
The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place. Digital signatures provide non-repudiation; a shared-key MAC does not, because either holder of the key could have produced it.
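An added example to make the hashing and IV points above concrete (this is not from the course notes). It uses only the Python standard library: SHA-2 digest sizes are read from hashlib, and a toy counter-mode cipher is built with HMAC-SHA256 standing in for the block cipher (a constructed stand-in, not a real cipher; the function names, key and messages are this example's own). It shows that a fixed IV makes equal plaintexts produce equal ciphertexts, that a fresh random IV does not, and that reusing an IV under one key lets an attacker who knows one plaintext recover the other without the key.

```python
"""Toy CTR-mode cipher over HMAC-SHA256 to demonstrate SHA-2 digest sizes, the role
of the initialisation vector (IV), and what an IV-reuse leaks. Not a real cipher."""
import hashlib
import hmac
import os

BLOCK = 32      # bytes per keystream block (HMAC-SHA256 output size)
IV_LEN = 16     # bytes; the IV length a 128-bit block cipher such as AES would use


def sha2_digest_lengths() -> dict:
    """Digest length in bytes for each SHA-2 member; the number in the name is in bits."""
    return {name: hashlib.new(name).digest_size
            for name in ("sha224", "sha256", "sha384", "sha512")}


def keystream_block(key: bytes, iv: bytes, counter: int) -> bytes:
    # Toy PRF: keystream block i = HMAC(key, IV || i). Real CTR mode uses E_k(IV || i).
    return hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def ctr_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) under a given key and IV."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be %d bytes" % IV_LEN)
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, iv, i // BLOCK)
        out += bytes(d ^ k for d, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    """The weak pattern: a constant (all-zero) IV, so equal plaintexts give equal ciphertexts."""
    return ctr_xor(key, b"\x00" * IV_LEN, plaintext)


def encrypt_random_iv(key: bytes, plaintext: bytes) -> bytes:
    """The correct pattern: a fresh random IV per message, sent in clear ahead of the ciphertext."""
    iv = os.urandom(IV_LEN)
    return iv + ctr_xor(key, iv, plaintext)


def decrypt_random_iv(key: bytes, message: bytes) -> bytes:
    iv, ciphertext = message[:IV_LEN], message[IV_LEN:]
    return ctr_xor(key, iv, ciphertext)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def iv_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """With the IV reused, c1 XOR c2 == p1 XOR p2: the keystream cancels out, so an
    attacker who knows (or guesses) p1 recovers p2 without ever learning the key."""
    c1 = encrypt_fixed_iv(key, p1)
    c2 = encrypt_fixed_iv(key, p2)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key = os.urandom(32)                       # constructed key for the demonstration
    msg = b"TRANSFER 100 TO ACCT 42"           # constructed sample plaintext
    print("SHA-2 digest bytes:", sha2_digest_lengths())
    print("fixed IV, same ciphertext twice:", encrypt_fixed_iv(key, msg) == encrypt_fixed_iv(key, msg))
    print("random IV, same ciphertext twice:", encrypt_random_iv(key, msg) == encrypt_random_iv(key, msg))
    leak = iv_reuse_leak(key, msg, b"TRANSFER 999 TO ACCT 42")
    print("second plaintext recovered from the leak:", xor_bytes(leak, msg))
```

The same reuse problem applies to real AES-CTR and AES-GCM (where a repeated nonce also breaks the authentication key), which is why libraries generate the IV for you and transmit it alongside the ciphertext.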
NIST 800-145 Cloud Computing Characteristics
On-demand self-service - a consumer can provision computing capabilities as needed without human interaction with the provider.
Broad network access - capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.
Resource pooling - the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model.
Rapid elasticity - capabilities can be elastically provisioned and released to scale outward and inward with demand.
Measured service - cloud systems automatically control and optimise resource use by leveraging a metering capability.

TCP port ranges for reserved and ephemeral use
Reserved (well-known): 0 - 1023. Server (destination) ports are bound to a reserved port on the foreign system; on Unix-like systems opening one requires super-user/administrative privileges.
Ephemeral (dynamic): 49152 - 65535 per IANA (Linux defaults to 32768 - 60999). Any user may open such a port; the local client's source port is allocated from the ephemeral range on the local system. Ports 1024 - 49151 form the IANA registered range.

TCP three-way handshake
SYN → SYN/ACK → ACK (the client's SYN carries its initial sequence number; the server's SYN/ACK acknowledges it with ISN+1 and supplies its own; the client's ACK completes the connection).

Encapsulation
The process of taking the protocol data unit (PDU) from a higher layer and adding a header (and sometimes a trailer) to it as it passes down the stack. De-encapsulation is the reverse: removing headers as the data moves up the stack at the receiver. Analogy, using the four-layer TCP/IP model: writing a letter (layer 4, application: data) → putting it in an envelope (layer 3, host-to-host transport: TCP segment) → handing it to the post office (layer 2, internet: IP packet) → loading it on a plane (layer 1, network access: Ethernet frame, transmitted as bits).

OSI Layers (1 to 7)
1. Physical - copper, fibre, airwaves (bits)
2. Data Link - bridges, switches, MAC addresses (frames)
3. Network - IPv4, IPv6, routing, routers (packets)
4. Transport - end-to-end connectivity; TCP is reliable and connection-oriented, UDP is connectionless with lower overhead (segments/datagrams)
5. Session - session management
6. Presentation - data representation and encoding (file formats such as .docx, compression, encryption)
7. Application
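An added example covering the port ranges, the three-way handshake and encapsulation entries above (not from the course notes). It builds a TCP segment, wraps it in an IPv4 packet and then an Ethernet frame with Python's struct module, then unwraps the frame layer by layer, so each header's role is visible. The header layouts are the real Ethernet II, IPv4 and TCP formats, but the IP and TCP checksums are left at zero and the MAC and IP addresses are constructed for the example, so these frames are for study, not for sending on a wire.

```python
"""Encapsulation down the TCP/IP stack, de-encapsulation back up, the three-way
handshake, and IANA port-range classification. Checksums are not computed."""
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")        # Ethernet II: dst MAC, src MAC, EtherType (14 bytes)
IP_HDR = struct.Struct("!BBHHHBBH4s4s")  # IPv4 header without options (20 bytes)
TCP_HDR = struct.Struct("!HHIIBBHHH")    # TCP header without options (20 bytes)
ETHERTYPE_IPV4 = 0x0800
FLAG_SYN, FLAG_ACK = 0x02, 0x10

# Constructed locally-administered MAC addresses for the example hosts.
CLIENT_MAC = bytes.fromhex("020000000001")
SERVER_MAC = bytes.fromhex("020000000002")


def classify_port(port: int) -> str:
    """IANA ranges: 0-1023 well-known/reserved, 1024-49151 registered,
    49152-65535 dynamic/ephemeral (Linux picks client ports from 32768-60999 by default)."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if port <= 1023:
        return "reserved"
    if port <= 49151:
        return "registered"
    return "ephemeral"


def flag_names(flags: int) -> str:
    names = [n for bit, n in ((FLAG_SYN, "SYN"), (FLAG_ACK, "ACK")) if flags & bit]
    return "/".join(names) or "none"


def encapsulate(app_data, src_ip, dst_ip, src_port, dst_port, seq=1, ack=0,
                flags=FLAG_ACK, src_mac=CLIENT_MAC, dst_mac=SERVER_MAC) -> bytes:
    """Application data -> TCP segment -> IP packet -> Ethernet frame, one header per layer."""
    # Transport: data offset 5 words, window 65535, checksum 0 (not computed here).
    segment = TCP_HDR.pack(src_port, dst_port, seq, ack, 5 << 4, flags, 65535, 0, 0) + app_data
    # Internet: version 4 / IHL 5, TTL 64, protocol TCP, checksum 0 (not computed here).
    packet = IP_HDR.pack(0x45, 0, IP_HDR.size + len(segment), 0, 0x4000, 64,
                         socket.IPPROTO_TCP, 0, socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip)) + segment
    # Network access: Ethernet II frame; the NIC would append the FCS, omitted here.
    return ETH_HDR.pack(dst_mac, src_mac, ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer on the way up and return what each layer saw."""
    if len(frame) < ETH_HDR.size + IP_HDR.size + TCP_HDR.size:
        raise ValueError("frame too short")
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unexpected EtherType 0x%04x" % ethertype)
    packet = frame[ETH_HDR.size:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src_ip, dst_ip = IP_HDR.unpack_from(packet, 0)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != socket.IPPROTO_TCP or total_len < ihl + TCP_HDR.size:
        raise ValueError("not a well-formed IPv4/TCP packet")
    segment = packet[ihl:total_len]          # slicing bounds a lying total_len to the buffer
    if len(segment) < TCP_HDR.size:
        raise ValueError("truncated TCP segment")
    src_port, dst_port, seq, ack, off, flags, _, _, _ = TCP_HDR.unpack_from(segment, 0)
    return {
        "eth": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")},
        "ip": {"src": socket.inet_ntoa(src_ip), "dst": socket.inet_ntoa(dst_ip), "ttl": ttl},
        "tcp": {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
                "flags": flag_names(flags),
                "src_range": classify_port(src_port), "dst_range": classify_port(dst_port)},
        "payload": segment[(off >> 4) * 4:],
    }


def three_way_handshake(client_ip, server_ip, client_port, server_port, isn_c=1000, isn_s=5000):
    """Build the three frames of a TCP open and return the decoded TCP view of each."""
    frames = [
        encapsulate(b"", client_ip, server_ip, client_port, server_port, isn_c, 0, FLAG_SYN),
        encapsulate(b"", server_ip, client_ip, server_port, client_port, isn_s, isn_c + 1,
                    FLAG_SYN | FLAG_ACK, SERVER_MAC, CLIENT_MAC),
        encapsulate(b"", client_ip, server_ip, client_port, server_port, isn_c + 1, isn_s + 1,
                    FLAG_ACK),
    ]
    return [decapsulate(f)["tcp"] for f in frames]


if __name__ == "__main__":
    # Constructed addresses: RFC 1918 client, RFC 5737 documentation-range server.
    for step in three_way_handshake("192.168.1.20", "198.51.100.5", 51515, 443):
        print(step["flags"], step["src_port"], "->", step["dst_port"],
              "seq", step["seq"], "ack", step["ack"])
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n", "192.168.1.20", "198.51.100.5", 51515, 80)
    print(decapsulate(frame))
```

Note that decapsulate validates the IP total length against the buffer before trusting it; parsers that index by header-supplied lengths without that check are a classic source of out-of-bounds reads.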
IP masquerading
Hiding private (RFC 1918) IP addresses behind internet-visible IP addresses, allowing private networks access to the internet.

Types of NAT
Static (one-to-one), Dynamic (a pool of public addresses), PAT or NAT Overload (many private addresses behind one public address, distinguished by translated source port).

Data remanence
The remains of part or even the entire data set after attempts to remove or erase it.

VoIP
Maintain separate voice and data networks (e.g. separate VLANs). Weakness: common protocols traditionally do not offer encryption, or make it tedious to configure.

Network collisions
A collision domain is a network segment whose devices share the same transmission medium (hub, repeater); a collision occurs when more than one device attempts to send a frame at the same time.

Virtualisation security concerns
ISM mandates discrete environments; virtualisation escape (VM escape); vSphere configuration settings; limitations of traditional security solutions; virtual machine sprawl.

Types of firewalls (proxy direction)
Forward: outbound towards the internet; allows employees in the corporate network to access external resources.
Reverse: reaches back into the network; used when internet users access a website that needs internal resources.
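An added example for the IP masquerading and NAT entries above (not from the course notes): a minimal PAT / NAT-overload gateway in Python that hides RFC 1918 inside addresses behind a single public address and only admits inbound packets that match an existing translation. The PatGateway class and its method names are this example's own, and the addresses are drawn from RFC 1918 and the RFC 5737 documentation ranges.

```python
"""PAT (NAT overload): many inside hosts share one public IP, told apart by translated
source port. Replies are mapped back; unsolicited inbound traffic has no mapping and drops."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


class PatGateway:
    def __init__(self, public_ip: str, first_port: int = 49152, last_port: int = 65535):
        if is_rfc1918(public_ip):
            raise ValueError("outside address must be routable, not RFC 1918")
        self.public_ip = public_ip
        self._free = iter(range(first_port, last_port + 1))   # ephemeral pool for translated ports
        self._out = {}   # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self._in = {}    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside-to-internet packet; returns the rewritten
        (src_ip, src_port, dst_ip, dst_port). Existing flows reuse their mapping."""
        if not is_rfc1918(src_ip):
            raise ValueError("only inside (RFC 1918) hosts are translated: %s" % src_ip)
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            public_port = next(self._free, None)
            if public_port is None:
                raise RuntimeError("translation table exhausted")
            self._out[key] = public_port
            self._in[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate an internet-to-inside packet addressed to public_ip:dst_port.
        Returns the rewritten tuple, or None when no mapping exists (unsolicited: dropped)."""
        inside = self._in.get((dst_port, src_ip, src_port))
        if inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])


if __name__ == "__main__":
    gw = PatGateway("203.0.113.10")
    print(gw.outbound("192.168.1.20", 51515, "198.51.100.5", 443))
    print(gw.outbound("192.168.1.21", 51515, "198.51.100.5", 443))   # same inside port, new public port
    print(gw.inbound("198.51.100.5", 443, 49152))                     # reply to host .20
    print(gw.inbound("198.51.100.99", 443, 49152))                    # unsolicited -> None
```

The drop of unmapped inbound packets is a side effect of the translation table, not a security policy: a real deployment still needs a stateful firewall, and any port forwarding or UPnP mapping re-opens exactly this path.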
